A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

#############################################################################
# AntiSol.Org security.txt File
#############################################################################
#                                                                           
# Security policy: You may probe this machine to a certain extent, but you 
#  should DO NO EVIL: don't look at or exfiltrate private data, or do 
#  anything else that's bad.
#
# Access may be blocked arbitrarily and without warning. If you intend to 
#  look at this machine, you are encouraged to contact me in advance to avoid 
#  that. 
#  Note that all access to this server is subject to my terms and conditions
#  of service: https://antisol.org/tacos
# 
# I am just an individual and cannot offer monetary bug bounty programs,
#  but I will gladly accept responsible disclosures and acknowledge the
#  reporter publicly.
#
# There have been attempts using automated tools to contact the security
#  email address below. If you contact me on this address, include the word
#  "eggs" prominently in your email or subject line to confirm that you are 
#  human.
#
#############################################################################

Canonical: https://antisol.org/.well-known/security.txt
Contact: mailto:sec@antisol.org
Expires: Fri, 31 Dec 9999 23:59:59 +1000
Preferred-Languages: en